Thousands of National Lottery online accounts have been hacked, and some private user data has most likely been stolen, media reported on Tuesday morning.
According to the National Lottery operator Camelot, 'suspicious' activity was spotted on Monday through online security monitoring. It says that 26,500 players' accounts have been accessed, although fewer than 50 accounts have had any activity on them since the incident. Camelot says the login credentials were most likely stolen from another site and then used here, as users can't shake the habit of reusing the same credentials across different services.
"We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details," Camelot said in a statement.
As the company does not hold full debit or bank account information, there has been no tampering with money. However, some data might have been accessed. The company said it has started notifying affected players, helping them to "re-activate their accounts security".
Commenting on this, Alex Cruz-Farmer, VP at NSFOCUS, said, “This is a great example of where hackers are getting smarter, and are systematically testing usernames and passwords across a full spectrum of victim websites. With these persistent and systematic attacks, it is showing how vulnerable we, as users, are without the right security mechanisms in place. This is also a great reminder to everyone to stay vigilant, and to try and avoid using the same passwords across multiple platforms and websites”.
Pete Turner, Consumer Security Expert at software security firm Avast, says consumers can no longer trust companies to keep their data safe. People must take full control of their data, and understand its value, he says, giving a few tips on how to stay safe.
He says users should never use the same username (email) / password combination on multiple sites, should use two-factor authentication when possible, should be alert to suspicious activity such as fake emails and, last but not least, should set themselves up with a good internet security product.